[Tutor] IP numbers

[Javier JJ]

This is precisely what I was going to say now :)

I have a DSL connection on a "relatively" unknown IP block (ie, my ISP has
been offering DSL connections on these addresses for a relatively short
time, os it's not a "known" target for hackers as, for example, @Home might
bel :-)). I have ZoneAlarm pro installed (get it, it's _great! :-), and I am
logging on the order of around 100 or so "alerts" in the firewall, dayly!!

But most of thems might be random pings, and random "background" noise from
the internet. I also participate in the DShield project (a project to pool
"distributed" firewall logs to analize them and find traffic / attack
patterns, check it out at www.dshield.org ), and the "logging" client
"cleans up" my logs.. and usually only reports a few alerts as noteworthy...

So, don't be _too_ paranoid. A little paranoid is OK, but try not to overdo
it!! (for instance, I once was getting frequent connection attempts at ports
135, 139 and 444 from a range of 5 differente IP addresses... on the order
of almost 30 attempts / hour for a couple of days... in the end, it was a
misconfigured app that someone had "hardwired" a series of IP to connect
to.. and one of them was mine!! :)

So, my advice is: make sure you have your system properly patched
(windowsUpdate.microsoft.com is your friend), turn off services you aren't
using, get a firewall (the free Zone Alarm should sufice for most people)...
and stop worrying too much about it. IT's _NOT_ "forget about it", just
don't worry too much about it!!

 Javier
----

PC! Politically Correct (or) Pure Crap!


----- Mensaje original -----
De: "Kirby Urner" <urnerk@qwest.net>
Para: "Cameron Stoner" <wolf_binary@hotmail.com>
CC: "python tutor" <tutor@python.org>
Enviado: miércoles, 27 de febrero de 2002 18:32
Asunto: Re: [Tutor] IP numbers


>
> >
> >I have Norton Internet Security which has stopped him so far, but I
wanted
> >to go
> >a step further and not allow him to find me.  I don't know why this
person
> >is comming
> >after me.
> >
> >Cameron
> >
>
> Note:
>
> I don't know if this is your situation, but some people
> who get a firewall for the first time (either hardware,
> or more likely a software product, like ZoneAlarm or
> a Norton thing), and have it log port scans (attempts
> to find security holes), are alarmed by the number of
> such attempts.  This is especially true if you computer
> is "always on" (the Internet that is, e.g. when you have
> DSL or a cable modem).
>
> What you will find is that cyberspace if full of this
> background noise of port scanning.  People are running
> these bots to look for holes.  There aren't necessarily
> people actively paying much attention -- they look over
> the results later.
>
> So if what you're seeing are just random reports of
> being scanned, even by the same IP-domain each time,
> don't think you have to run off and change your IP
> number.  It'll happen with the new number too, as a
> lot of the scanning bots just check huge ranges of
> possible numbers.
>
> And don't take it too personally.  Think of mosquitos
> in the forest, trying to find some blood to suck.
> Carry repellant, zip up your tent, but if you want
> to be in the forest at all, you're going to have to
> put up with pests.
>
> Kirby
>
>
>
> _______________________________________________
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>